Candidate: CVE-2011-4130
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4130
Use-after-free vulnerability in the Response API in ProFTPD before 1.3.3g
allows remote authenticated users to execute arbitrary code via vectors
involving an error that occurs after an FTP data transfer.
jdstrand> 1.3.1 is known not to be affected (see DSA-2346-1)
jdstrand> DSA-2346-1 introduced a regression
jdstrand> code not affected in 11.10 per udienz
vendor: http://lists.debian.org/debian-security-announce/2011/msg00223.html
vendor: http://lists.debian.org/debian-security-announce/2011/msg00224.html
upstream_proftpd-dfsg: released (1.3.4~rc3-2)
hardy_proftpd-dfsg: not-affected
lucid_proftpd-dfsg: ignored (reached end-of-life)
maverick_proftpd-dfsg: ignored (reached end-of-life)
natty_proftpd-dfsg: ignored (reached end-of-life)
oneiric_proftpd-dfsg: not-affected
precise_proftpd-dfsg: not-affected (1.3.4~rc3-2)
quantal_proftpd-dfsg: not-affected (1.3.4~rc3-2)
raring_proftpd-dfsg: not-affected (1.3.4~rc3-2)
saucy_proftpd-dfsg: not-affected (1.3.4~rc3-2)
devel_proftpd-dfsg: not-affected (1.3.4~rc3-2)